AppSec Jobs
← Back to all jobs

Raft

Software Security Engineer

McLean, VAWebsite

Full details on LinkedIn

The complete job description, requirements, and application details are available on the original posting.

About Raft

Raft is a digital consulting and technology firm founded in 2018 by Shubhi Mishra. The company specializes in advanced AI, autonomous data fusion, and modular scalable data platforms, primarily serving the U.S. Department of Defense and various national security organizations. Headquartered in McLean, Virginia, Raft is an SBA Certified 8(a) Women-Owned Small Business, employing around 145 people and generating estimated revenue between $5 million and $12.7 million. Raft focuses on delivering user-first, scalable digital solutions that enhance mission-critical operations. Their services include autonomous data fusion for real-time awareness, modular AI and data platforms, and software development expertise. They provide operational solutions as a prime contractor for the DoD and national security, supporting tasks such as threat detection and tactical decision-making. Raft emphasizes a people-first culture and utilizes open-source technologies to ensure adaptability and security in their offerings.

Industry

information technology & services

Employees

360

193 engineers

Revenue

$13M

Website

Visit →

Security at Raft

Compiled from public job postings, careers pages, and company materials. Data may not reflect current state — verify during interviews.

3 Intel Signals

Security Philosophy

Raft's stated AppSec mission is to "ensure security and speed at every turn." The company emphasizes developer enablement over gatekeeping, aiming to "abstract away as many of the implementation details as possible" so "developers don't need to do anything to activate or turn on that security." Their risk philosophy centers on "STIG-compliant hosts and Zero-Trust model for automated security enforcement." Raft's core belief, as articulated by founder Shubhi Mishra, is that "The U.S. is trying to fight a modern war with ancient tools," reflecting their commitment to modernizing security approaches for mission-critical operations.

Security Team

  • Raft's AppSec team structure is not publicly defined with a dedicated Application Security function.
  • Current team size estimates around 201-500 employees.
  • Leadership includes Shubhi Mishra (Founder & CEO) and Col (R) Frederick "Trey" Coleman (Chief Product Officer).
  • AppSec roles are frequently titled under 'DevSecOps' or 'Software Security' suggesting integration with platform/engineering teams. As of April 2, 2026, there are 2 active AppSec job postings (Principal DevSecOps Engineer, Software Security Engineer) with common skill patterns including GitLab Runners, Security+ certification, CI/CD pipeline configuration, Kubernetes, and Active Top Secret Clearance requirements.

Key Initiatives

  • Raft's AppSec initiatives include 'Shift Left' practices with pre-commit hooks installed on developer machines.
  • Vulnerability management involves continuous run-time vulnerability scanning and alerting.
  • The secure SDLC incorporates CI/CD integration with automated Software Bill of Materials (SBOM) generation.
  • Recent initiatives include the launch of the Raft Data Platform ([R]DP) featuring cell-level security controls.
  • However, no public Security Champions program or published SLAs/MTTR metrics for vulnerability remediation have been documented.

Preparing for an AppSec interview?

Get the weekly briefing 2,000+ security pros trust.